MDVSA-2011:064
- Package name: libtiff
- Date: 2011-04-04
- Advisory ID: MDVSA-2011:064
- Affected versions: 2009.0 x86_64, MES5 i586, 2010.0 x86_64, 2010.1 i586, 2010.0 i586, 2009.0 i586, CS4.0 i586, CS4.0 x86_64, MES5 x86_64, 2010.1 x86_64
Problem description
Multiple vulnerabilities were discovered and corrected in libtiff:

Buffer overflow in LibTIFF allows remote attackers to execute arbitrary
code or cause a denial of service (application crash) via a crafted
TIFF image with JPEG encoding (CVE-2011-0191).

Heap-based buffer overflow in the thunder (aka ThunderScan) decoder
in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers
to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a
.tiff file that has an unexpected BitsPerSample value (CVE-2011-1167).

Packages for 2009.0 are provided under the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.
Updated packages
2009.0 x86_64
12d1c6b013d1001804dcff1607ba0cbf 2009.0/x86_64/lib64tiff3-3.8.2-12.5mdv2009.0.x86_64.rpm 7160228a5f9eb015f7c39b034e4168fe 2009.0/x86_64/lib64tiff3-devel-3.8.2-12.5mdv2009.0.x86_64.rpm dd60de9c42e6e6db115866b0729d11a6 2009.0/x86_64/lib64tiff3-static-devel-3.8.2-12.5mdv2009.0.x86_64.rpm 019b6c2c67897e9e15b61c5bd5290d7c 2009.0/x86_64/libtiff-progs-3.8.2-12.5mdv2009.0.x86_64.rpm 394324226f6347b8adde7d5a3b94e616 2009.0/SRPMS/libtiff-3.8.2-12.5mdv2009.0.src.rpm
MES5 i586
0e74dc01232af741c73b5429222c104b mes5/i586/libtiff3-3.8.2-12.5mdvmes5.2.i586.rpm cf4880e23bca7320947faffb7493fe1c mes5/i586/libtiff3-devel-3.8.2-12.5mdvmes5.2.i586.rpm 35e2c51269229b05e8127d8ff7a70559 mes5/i586/libtiff3-static-devel-3.8.2-12.5mdvmes5.2.i586.rpm 053e112ce08dee96024c78cf1cc62c68 mes5/i586/libtiff-progs-3.8.2-12.5mdvmes5.2.i586.rpm b11fe44b7f27853a08cb447713ba2b5d mes5/SRPMS/libtiff-3.8.2-12.5mdvmes5.2.src.rpm
2010.0 x86_64
89d02f64104cdeefcfff27251ac493e3 2010.0/x86_64/lib64tiff3-3.9.1-4.4mdv2010.0.x86_64.rpm 184361a7a031fd0040ef210289e659ad 2010.0/x86_64/lib64tiff-devel-3.9.1-4.4mdv2010.0.x86_64.rpm ea63a95bea50aa8c6173b7e018b52c16 2010.0/x86_64/lib64tiff-static-devel-3.9.1-4.4mdv2010.0.x86_64.rpm b683c3de7768e3be291f3cd0810f29f7 2010.0/x86_64/libtiff-progs-3.9.1-4.4mdv2010.0.x86_64.rpm 82734445474583997f82f61a6bca5477 2010.0/SRPMS/libtiff-3.9.1-4.4mdv2010.0.src.rpm
2010.1 i586
6cae776a3869cba91324d4db8c3e445b 2010.1/i586/libtiff3-3.9.2-2.4mdv2010.2.i586.rpm 9eb7c8e16bdccb2a08bbd51b842d6b8a 2010.1/i586/libtiff-devel-3.9.2-2.4mdv2010.2.i586.rpm b22f03fcab8549799bd989a1ac5b9505 2010.1/i586/libtiff-progs-3.9.2-2.4mdv2010.2.i586.rpm 5207df22c3ce3a1dc5487e5a9f1386f5 2010.1/i586/libtiff-static-devel-3.9.2-2.4mdv2010.2.i586.rpm edc5ff22e092f6c0c761ea064beec57e 2010.1/SRPMS/libtiff-3.9.2-2.4mdv2010.2.src.rpm
2010.0 i586
516da8a4ac19bd931ec94c948e2202b3 2010.0/i586/libtiff3-3.9.1-4.4mdv2010.0.i586.rpm bb474b98be4cee2d5ce83b18a97e0b0a 2010.0/i586/libtiff-devel-3.9.1-4.4mdv2010.0.i586.rpm 91bbafe5b93099fa6bc91a4ae2c792c5 2010.0/i586/libtiff-progs-3.9.1-4.4mdv2010.0.i586.rpm cfe592e3c30c76e9e814c828f4e9c850 2010.0/i586/libtiff-static-devel-3.9.1-4.4mdv2010.0.i586.rpm 82734445474583997f82f61a6bca5477 2010.0/SRPMS/libtiff-3.9.1-4.4mdv2010.0.src.rpm
2009.0 i586
469f83f325486ac28efade864c4c04dd 2009.0/i586/libtiff3-3.8.2-12.5mdv2009.0.i586.rpm 60ed02c79ace2efc9d360c6a254484d8 2009.0/i586/libtiff3-devel-3.8.2-12.5mdv2009.0.i586.rpm 9eec6c7a71319a0dbe42043e3ce0143c 2009.0/i586/libtiff3-static-devel-3.8.2-12.5mdv2009.0.i586.rpm c83359e62f148232dbf4716c3db1da27 2009.0/i586/libtiff-progs-3.8.2-12.5mdv2009.0.i586.rpm 394324226f6347b8adde7d5a3b94e616 2009.0/SRPMS/libtiff-3.8.2-12.5mdv2009.0.src.rpm
CS4.0 i586
26f8d583111883193418679358070dac corporate/4.0/i586/libtiff3-3.6.1-12.11.20060mlcs4.i586.rpm 6cc27c218fc154873d80b9f20d0026a0 corporate/4.0/i586/libtiff3-devel-3.6.1-12.11.20060mlcs4.i586.rpm d2cc27f255b5c06ac0270501742d075a corporate/4.0/i586/libtiff3-static-devel-3.6.1-12.11.20060mlcs4.i586.rpm 1dce21141558e525afac04376ee88b0e corporate/4.0/i586/libtiff-progs-3.6.1-12.11.20060mlcs4.i586.rpm b71b082cfc6e374765bdcc433074876e corporate/4.0/SRPMS/libtiff-3.6.1-12.11.20060mlcs4.src.rpm
CS4.0 x86_64
909321cebadb1a6a98363111aafaa51f corporate/4.0/x86_64/lib64tiff3-3.6.1-12.11.20060mlcs4.x86_64.rpm 1e65799b8f71945b8577caa953f26f1a corporate/4.0/x86_64/lib64tiff3-devel-3.6.1-12.11.20060mlcs4.x86_64.rpm e0f3f375533db24c097249e2865d67c5 corporate/4.0/x86_64/lib64tiff3-static-devel-3.6.1-12.11.20060mlcs4.x86_64.rpm 45d3bf776d6b0bf18b6dd475719d5109 corporate/4.0/x86_64/libtiff-progs-3.6.1-12.11.20060mlcs4.x86_64.rpm b71b082cfc6e374765bdcc433074876e corporate/4.0/SRPMS/libtiff-3.6.1-12.11.20060mlcs4.src.rpm
MES5 x86_64
8b9eee08db52a402ff116c6f4f66e1cc mes5/x86_64/lib64tiff3-3.8.2-12.5mdvmes5.2.x86_64.rpm ae5a101036721b2f2cb852861dd9195a mes5/x86_64/lib64tiff3-devel-3.8.2-12.5mdvmes5.2.x86_64.rpm deb731157dd46e649eb01fb66bb9c4ca mes5/x86_64/lib64tiff3-static-devel-3.8.2-12.5mdvmes5.2.x86_64.rpm cf1e27dfce8783ba6dfa4d0d07949f8d mes5/x86_64/libtiff-progs-3.8.2-12.5mdvmes5.2.x86_64.rpm b11fe44b7f27853a08cb447713ba2b5d mes5/SRPMS/libtiff-3.8.2-12.5mdvmes5.2.src.rpm
2010.1 x86_64
fead69647d8429a2e0f3bde99440a81e 2010.1/x86_64/lib64tiff3-3.9.2-2.4mdv2010.2.x86_64.rpm f8eefcab2c69e31dc9e59b7c5fd1370a 2010.1/x86_64/lib64tiff-devel-3.9.2-2.4mdv2010.2.x86_64.rpm a14aa71d4721718fc2312f04b76163db 2010.1/x86_64/lib64tiff-static-devel-3.9.2-2.4mdv2010.2.x86_64.rpm cd214410be00ea40859776ac4f95f1da 2010.1/x86_64/libtiff-progs-3.9.2-2.4mdv2010.2.x86_64.rpm edc5ff22e092f6c0c761ea064beec57e 2010.1/SRPMS/libtiff-3.9.2-2.4mdv2010.2.src.rpm
